On 01/02/2011 07:36, Amos Jeffries wrote:
>
> The whole of section 6.1 is a major security vulnerability "don't do
> it!" situation. Read CVE-2009-0801 for an explanation of what malware
> can do to trivially spread themselves across your whole client base.
>
> The currently available Squid do permit it with loud failure warnings
> in cache.log. We are planning on fully disabling the security hole in
> the near future.
>
Section 6.1 was written 6-8 years ago... I can't say that I fully
understand CVE2009-0801... Can you elaborate on the security
vulnerability and how it applies to 6.1??
-- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: giles_at_coochey.net Skype: gilescoochey
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 12:00:04 MST